Apple encryption export regulations for Themis #
If your application uses Themis and you want to submit it to the Apple App Store, you are required to do the following:
Indicate that you’re using cryptography when submitting your application for review.
Select “YES” to say that your application incorporates cryptography.
Apply for the “open source” exemption.
When filling the next step in the App Store submission form, select “NO” in the Export Compliance section.
Themis cryptographic library is exempt from the need for detailed classification. Themis uses standard publicly available ciphers provided by open source OpenSSL and BoringSSL libraries on Apple platforms.
Send an annual (year-end) self-classification report to the US government to comply with the encryption export regulations.
Submitting an annual self-classification report to Apple #
The procedure is as follows.
- Download a copy of the sample CSV file from the BIS website.
- Fill it out with your own details.
- Email your CSV file to firstname.lastname@example.org and email@example.com.
These are the values that most of our customers use in their CSV reports:
ECCN: 5D992.c AUTHORIZATION TYPE: MMKT ITEM TYPE: Mobility and mobile applications n.e.s. NON-U.S. COMPONENTS: N/A NON-U.S. MANUFACTURING LOCATIONS: N/A
Please see How to file an Annual Self Classification Report by the Bureau of Industry and Security for more details.
Additional resources #
For further guidance, see these resources:
A very nice and frequently updated write-up on submitting the self-classification report by a developer who does it regularly.
Useful recommendations in Supplement No. 8 to Part 742—Self-Classification Report for Encryption Items.
Knowing the difference between 5d002 and 5d992.
Our older article "Apple Export Regulations on Cryptography" (a lot has changed since 2017 when it was originally written, but it’ll give you an insight on why it is necessary to register the encryption tools you use in your applications).